Add activate-credential service to metadata server #4132
Conversation
go-tpm has move the old tpm2 interfaces to "legacy/tpm2", this commit updates tpm2 import paths in pillar to reflect the change and make it possible to use "legacy/tpm2/credactivation" apis. Signed-off-by: Shahriyar Jalayeri <shahriyar@zededa.com>
shjala
changed the title
|
The go tests fail at |
working on it. |
| // as it contains the type. so make sure the length is greater than 2. | ||
| if len(credBlob) < 2 || len(encryptedSecret) < 2 { |
There was a problem hiding this comment.
sure the length is greater than 2
but your check is if it is greater or equal than 2
There was a problem hiding this comment.
I just want to skip the first two bytes, so it should have at least 2 bytes, it is up to ActivateCredential how it wants to handle empty buffer.
Activate credential provides proof that the Endorsement Key (EK) and a signig key (in this case eve created AIK) are owned by the same TPM. This is way to extend the trust from EK (which theoretically comes with OEM certificate) to a arbitrary TPM resident, restricted, signing key. The added service allows to stablish trust to the AIK and sign arbitrary data with it. Signed-off-by: Shahriyar Jalayeri <shahriyar@zededa.com>
If EvictControl fails, log a warning and continue. This is a non-fatal error and can happen if the handle does not exist in the TPM. Signed-off-by: Shahriyar Jalayeri <shahriyar@zededa.com>
Signed-off-by: Shahriyar Jalayeri <shahriyar@zededa.com>
|
Tests all green but there is one grammar error pointed out by Yetus. |
Signed-off-by: Shahriyar Jalayeri <shahriyar@zededa.com>
Activate credential provides proof that the Endorsement Key (EK) and a signing key (in this case eve created AIK) are owned by the same TPM. This is a way to extend the trust from EK (which theoretically comes with OEM certificate) to a arbitrary TPM resident, restricted, signing key. Beside the EK<->AIK proof, this endpoint allows signing arbitrary data with the AIK.
This is part of some primarily work for #4071